Comments (7)
hailq
commented on April 26, 2024
13
But what happen if i need to parser the form data to get the authentication value? What should i do in this case?
from multer.
jpidelatorre
commented on April 26, 2024
5
@lorenzotsi You need to use multer per route instead of globally. (https://github.com/jpfluger/multer/blob/examples/multer-upload-files-to-different-directories.md)
Then you can add an auth middleware before multer like this:
router.post('/uploads', function (req, res, next) {
if (!authorized) {
res.send(403);
} else {
next();
}
},
multer({ dest: '/uploads/' }),
function (req, res, next) {
// whatever you were planning to do.
});
I know it's late, but I hope it ends up helping someone.
from multer.
hacksparrow
commented on April 26, 2024
Load the auth middleware before multer.
from multer.
lorenzotsi
commented on April 26, 2024
...
// Multipart file upload
app.use(multer(
{
dest: wwwroot + path.sep + 'uploaded' + path.sep,
onFileUploadStart: function (file) {
//TODO : apply security check : user auth, file size, number...
console.log(file.fieldname + ' is starting ...')
},
onFileUploadComplete: function (file) {
console.log(file.fieldname + ' uploaded to ' + file.path)
}
}));
...
app.use(passport.auth.initialize());
app.use(passport.auth.session());
I've tried to put the last 2 lines before multer init, but no way. Is it some other middleware for security you're referring to? Or Is there a way to access request object inside onFileUploadStart()? In that case I would be able to check the user.
Thanks
from multer.
lorenzotsi
commented on April 26, 2024
@hacksparrow Could you give me advice, please? I can't catch if it is a limit of express, of multer , both, a versions uncompliancy or myself in making mistake with the config, Thanks
from multer.
sigurdga
commented on April 26, 2024
@lorenzotsi You can do the auth check on the route that receives the files. I use passportjs and get a req.user I can do checks on.
from multer.
lorenzotsi
commented on April 26, 2024
@sigurdga Thanks for your support, but that can be applied after. I mean, first the file is uploaded (that is what I'm trying to prevent), in the route I could then cancel the just uploaded file in case user not logged in. I hoped in a better solution.
from multer.
Related Issues (20)
- I am also having the same error here, the error is saying "Cannot read properties of undefined (reading 'path')
- File delete issue HOT 2
- Multer & Express.js File Upload request hanged (never ending pending) HOT 3
- Distortion of the Russian file name HOT 4
- Error: Invalid 'path' Argument Type in File Upload Code HOT 6
- how can I upload image or json file ? HOT 1
- Why Postman filename is right, but in the web I use formdata.append() the filename is rong? HOT 1
- ERROR UPLOADING FILE
- ERROR UPLOADING FILE using the javascript and I also use multer in handling the fileupload HOT 5
- Translation of Documentation to Indonesian
- Multer gives error on serverless if using without express js
- Error in uploading a photo in javascript using a multer. HOT 2
- There is a way to effectively add a custom Error handler to multer? HOT 2
- (love) Just to tell you how great your software is HOT 1
- TypeError: Cannot read properties of undefined (reading 'length') when fieldNameSize is not set HOT 6
- Upgrade to the latest version of busboy to prevent potential DOS attack via Dicer HOT 1
- File upload got stuck while uploading large text files HOT 3
- Upload file use Multer with Multer-gridfs-storage in environment of bun is not working but when I use environment of nodejs then it's working? HOT 1
- req.file returning Undefined on frontend, but with Insomnia returns correctly HOT 4
- Custom storage engine not working
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from multer.